tcell_agent 0.2.26 → 0.2.27
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/tcell_agent/configuration.rb +3 -2
- data/lib/tcell_agent/rails/dlp.rb +6 -0
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +9 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +5 -5
- data/lib/tcell_agent/rails/responses.rb +19 -0
- data/lib/tcell_agent/start_background_thread.rb +11 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/rails/responses_spec.rb +120 -0
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6e93674e3ce539710e90605fc2655eff1d988017
|
|
4
|
+
data.tar.gz: 482dd34778a453b1a63c6e0bc7976b1c893bb9af
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6432e1455a95c5c28c62c7ff85f367316f4ad78d58fc5ffdb03b83b9fb9ffbb21137fd9c9d34423a01ffd00ad10f18d9a19cd9dc93f5ab20b7cfdc4806eb65fd
|
|
7
|
+
data.tar.gz: ecac85ac908c46e83a5f850005bef88565955af581512c31ee63e45c1ef3147771780e90fb6db166dbd30fab8c928de0c3086cb8829fd701312c4dbf25f9b064
|
|
@@ -159,8 +159,6 @@ module TCellAgent
|
|
|
159
159
|
|
|
160
160
|
@allow_unencrypted_appfirewall_payloads = false
|
|
161
161
|
|
|
162
|
-
# Because ENV can override this one
|
|
163
|
-
env_unencrypted_firewall =
|
|
164
162
|
if (ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"] != nil)
|
|
165
163
|
@allow_unencrypted_appfirewall_payloads = [true, "true", "yes", "1"].include?(ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"])
|
|
166
164
|
end
|
|
@@ -250,7 +248,10 @@ module TCellAgent
|
|
|
250
248
|
@agent_home_owner = app_data.fetch("agent_home_owner",@agent_home_owner)
|
|
251
249
|
|
|
252
250
|
@logging_options = app_data.fetch("logging_options", {})
|
|
251
|
+
# DEPRECATED: this was incorrectly placed here. Keep it here until we can
|
|
252
|
+
# be sure that no customers are relying on this
|
|
253
253
|
@agent_log_dir = @logging_options.fetch("log_dir", @agent_log_dir)
|
|
254
|
+
@agent_log_dir = app_data.fetch("log_dir", @agent_log_dir)
|
|
254
255
|
@log_file_name = @logging_options.fetch("filename", @log_file_name)
|
|
255
256
|
|
|
256
257
|
@tcell_api_url = app_data.fetch("tcell_api_url", @tcell_api_url)
|
|
@@ -28,6 +28,7 @@ require 'cgi'
|
|
|
28
28
|
require 'thread'
|
|
29
29
|
|
|
30
30
|
require 'tcell_agent/configuration'
|
|
31
|
+
require 'tcell_agent/rails/responses'
|
|
31
32
|
|
|
32
33
|
|
|
33
34
|
module TCellAgent
|
|
@@ -281,6 +282,11 @@ module TCellAgent
|
|
|
281
282
|
TCellAgent.configuration.should_intercept_requests?
|
|
282
283
|
|
|
283
284
|
TCellAgent::Instrumentation.safe_block("Running DLP Logging Filters") {
|
|
285
|
+
if TCellAgent::Utils::Rails.empty_content?(response.status, response.headers) ||
|
|
286
|
+
TCellAgent::Utils::Rails.streaming_response?(response.headers)
|
|
287
|
+
return
|
|
288
|
+
end
|
|
289
|
+
|
|
284
290
|
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
285
291
|
if tcell_context
|
|
286
292
|
response.body = tcell_context.filter_body(response.body)
|
|
@@ -11,6 +11,7 @@ require 'tcell_agent/sensor_events/util/redirect_utils'
|
|
|
11
11
|
|
|
12
12
|
require 'tcell_agent/configuration'
|
|
13
13
|
require 'tcell_agent/instrumentation'
|
|
14
|
+
require 'tcell_agent/rails/responses'
|
|
14
15
|
|
|
15
16
|
module TCellAgent
|
|
16
17
|
module Instrumentation
|
|
@@ -66,8 +67,13 @@ module TCellAgent
|
|
|
66
67
|
body.sub!(BodyFilterMiddleware::HEAD_SEARCH_REGEX,"<head>#{script_insert}")
|
|
67
68
|
end
|
|
68
69
|
def _handle_js_agent_add(request, response)
|
|
69
|
-
TCellAgent::Instrumentation.safe_block("Handling JSAgent add")
|
|
70
|
+
TCellAgent::Instrumentation.safe_block("Handling JSAgent add") do
|
|
70
71
|
status, headers, rack_body = response
|
|
72
|
+
if TCellAgent::Utils::Rails.empty_content?(status, headers) ||
|
|
73
|
+
TCellAgent::Utils::Rails.streaming_response?(headers)
|
|
74
|
+
return response
|
|
75
|
+
end
|
|
76
|
+
|
|
71
77
|
if (headers.fetch("Content-Type","").start_with?'text/html')
|
|
72
78
|
script_tag_policy = TCellAgent.policy(TCellAgent::PolicyTypes::CSP)
|
|
73
79
|
if (script_tag_policy &&
|
|
@@ -80,7 +86,8 @@ module TCellAgent
|
|
|
80
86
|
response = [status, headers, newbody]
|
|
81
87
|
end
|
|
82
88
|
end
|
|
83
|
-
|
|
89
|
+
end
|
|
90
|
+
|
|
84
91
|
response
|
|
85
92
|
end
|
|
86
93
|
end
|
|
@@ -13,6 +13,7 @@ require 'tcell_agent/userinfo'
|
|
|
13
13
|
require 'cgi'
|
|
14
14
|
|
|
15
15
|
require 'tcell_agent/instrumentation'
|
|
16
|
+
require 'tcell_agent/rails/responses'
|
|
16
17
|
|
|
17
18
|
module TCellAgent
|
|
18
19
|
module Instrumentation
|
|
@@ -33,7 +34,6 @@ module TCellAgent
|
|
|
33
34
|
response = @app.call(env)
|
|
34
35
|
|
|
35
36
|
if TCellAgent.configuration.should_intercept_requests?
|
|
36
|
-
status, headers, active_response = response
|
|
37
37
|
TCellAgent::Instrumentation.safe_block("Handling Request") {
|
|
38
38
|
tcell_response = response
|
|
39
39
|
unless request.env[TCellAgent::Instrumentation::TCELL_ID].ip_blocking_triggered
|
|
@@ -138,15 +138,15 @@ module TCellAgent
|
|
|
138
138
|
end
|
|
139
139
|
|
|
140
140
|
def _handle_appsensor(request, response)
|
|
141
|
-
TCellAgent::Instrumentation.safe_block("Handling AppSensor")
|
|
141
|
+
TCellAgent::Instrumentation.safe_block("Handling AppSensor") do
|
|
142
142
|
status_code, response_headers, response_body = response
|
|
143
143
|
|
|
144
144
|
content_length = 0
|
|
145
145
|
if response_headers['Content-Length']
|
|
146
146
|
content_length = response_headers['Content-Length'].to_i
|
|
147
147
|
|
|
148
|
-
elsif
|
|
149
|
-
TCellAgent::Utils::
|
|
148
|
+
elsif TCellAgent::Utils::Rails.empty_content?(status_code, response_headers) ||
|
|
149
|
+
TCellAgent::Utils::Rails.streaming_response?(response_headers)
|
|
150
150
|
content_length = 0
|
|
151
151
|
|
|
152
152
|
elsif response_body.respond_to?(:to_ary) || response_body.is_a?(Rack::BodyProxy)
|
|
@@ -169,7 +169,7 @@ module TCellAgent
|
|
|
169
169
|
)
|
|
170
170
|
TCellAgent.send_event(event)
|
|
171
171
|
return [status_code, response_headers, response_body]
|
|
172
|
-
|
|
172
|
+
end
|
|
173
173
|
|
|
174
174
|
response
|
|
175
175
|
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module TCellAgent
|
|
2
|
+
module Utils
|
|
3
|
+
module Rails
|
|
4
|
+
|
|
5
|
+
STATUSES_MISSING_CONTENT_LENGTH = Set.new((100..199).to_a + [204, 205, 304])
|
|
6
|
+
|
|
7
|
+
def self.empty_content?(status_code, headers)
|
|
8
|
+
return STATUSES_MISSING_CONTENT_LENGTH.include?(status_code.to_i) ||
|
|
9
|
+
(!!headers['Content-Length'] && headers['Content-Length'].to_i == 0)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def self.streaming_response?(headers)
|
|
13
|
+
return TCellAgent::Utils::Strings.present?(headers['Transfer-Encoding']) ||
|
|
14
|
+
TCellAgent::Utils::Strings.present?(headers['Content-Transfer-Encoding'])
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -87,6 +87,17 @@ if (TCellAgent.configuration.disable_all == false)
|
|
|
87
87
|
logging_options[:level] || logging_options["level"] || "INFO"
|
|
88
88
|
)
|
|
89
89
|
)
|
|
90
|
+
|
|
91
|
+
# Deprecated: this is so we can ensure no one is using this setting so we can remove
|
|
92
|
+
# the code altogether in the future
|
|
93
|
+
if logging_options.has_key?(:log_dir) || logging_options.has_key?("log_dir")
|
|
94
|
+
TCellAgent.send_event(
|
|
95
|
+
TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
|
|
96
|
+
"deprecated_log_dir",
|
|
97
|
+
logging_options[:log_dir] || logging_options["log_dir"]
|
|
98
|
+
)
|
|
99
|
+
)
|
|
100
|
+
end
|
|
90
101
|
else
|
|
91
102
|
TCellAgent.send_event(
|
|
92
103
|
TCellAgent::SensorEvents::TCellAgentSettingEvent.new("logging_enabled", "false")
|
data/lib/tcell_agent/version.rb
CHANGED
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
module TCellAgent
|
|
4
|
+
module Utils
|
|
5
|
+
|
|
6
|
+
describe ".responses" do
|
|
7
|
+
|
|
8
|
+
context ".empty_content?" do
|
|
9
|
+
context "with nil status code" do
|
|
10
|
+
context "with empty headers" do
|
|
11
|
+
it "should return false" do
|
|
12
|
+
expect(Rails.empty_content?(nil, {})).to eq(false)
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
context "with Content-Length header" do
|
|
17
|
+
context "that is zero" do
|
|
18
|
+
it "should return true" do
|
|
19
|
+
expect(Rails.empty_content?(nil, {'Content-Length' => 0})).to eq(true)
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
context "that is non zero" do
|
|
24
|
+
it "should return false" do
|
|
25
|
+
expect(Rails.empty_content?(nil, {'Content-Length' => 1})).to eq(false)
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
context "with a status code" do
|
|
32
|
+
context "that contains no content" do
|
|
33
|
+
context "with empty headers" do
|
|
34
|
+
it "should return true" do
|
|
35
|
+
expect(Rails.empty_content?(204, {})).to eq(true)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
context "with Content-Length header" do
|
|
40
|
+
context "that is zero" do
|
|
41
|
+
it "should return true" do
|
|
42
|
+
expect(Rails.empty_content?(204, {'Content-Length' => 0})).to eq(true)
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
context "that is non zero" do
|
|
47
|
+
it "should return true" do
|
|
48
|
+
expect(Rails.empty_content?(204, {'Content-Length' => 1})).to eq(true)
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
context "that contains content" do
|
|
55
|
+
context "with empty headers" do
|
|
56
|
+
it "should return false" do
|
|
57
|
+
expect(Rails.empty_content?(200, {})).to eq(false)
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
context "with Content-Length header" do
|
|
62
|
+
context "that is zero" do
|
|
63
|
+
it "should return true" do
|
|
64
|
+
expect(Rails.empty_content?(200, {'Content-Length' => 0})).to eq(true)
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
context "that is non zero" do
|
|
69
|
+
it "should return false" do
|
|
70
|
+
expect(Rails.empty_content?(200, {'Content-Length' => 1})).to eq(false)
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
context ".streaming_response?" do
|
|
79
|
+
context "with empty headers" do
|
|
80
|
+
it "should return false" do
|
|
81
|
+
expect(Rails.streaming_response?({})).to eq(false)
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
context "with headers" do
|
|
86
|
+
context "that are missing Transfer-Encoding" do
|
|
87
|
+
context "that are missing Content-Transfer-Encoding" do
|
|
88
|
+
it "should return false" do
|
|
89
|
+
expect(Rails.streaming_response?({})).to eq(false)
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
context "that have Content-Transfer-Encoding" do
|
|
94
|
+
it "should return true" do
|
|
95
|
+
expect(Rails.streaming_response?({"Content-Transfer-Encoding" => "chunked"})).to eq(true)
|
|
96
|
+
end
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
context "that have Transfer-Encoding" do
|
|
102
|
+
context "that are missing Content-Transfer-Encoding" do
|
|
103
|
+
it "should return true" do
|
|
104
|
+
expect(Rails.streaming_response?({"Transfer-Encoding" => "chunked"})).to eq(true)
|
|
105
|
+
end
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
context "that have Content-Transfer-Encoding" do
|
|
109
|
+
it "should return true" do
|
|
110
|
+
expect(Rails.streaming_response?({
|
|
111
|
+
"Transfer-Encoding" => "chunked",
|
|
112
|
+
"Content-Transfer-Encoding" => "chunked"})).to eq(true)
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
end
|
|
120
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tcell_agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.27
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Garrett
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-02-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rest-client
|
|
@@ -196,6 +196,7 @@ files:
|
|
|
196
196
|
- lib/tcell_agent/rails/middleware/global_middleware.rb
|
|
197
197
|
- lib/tcell_agent/rails/middleware/headers_middleware.rb
|
|
198
198
|
- lib/tcell_agent/rails/on_start.rb
|
|
199
|
+
- lib/tcell_agent/rails/responses.rb
|
|
199
200
|
- lib/tcell_agent/rails/routes/grape.rb
|
|
200
201
|
- lib/tcell_agent/rails/routes/route_id.rb
|
|
201
202
|
- lib/tcell_agent/rails/routes.rb
|
|
@@ -320,6 +321,7 @@ files:
|
|
|
320
321
|
- spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb
|
|
321
322
|
- spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb
|
|
322
323
|
- spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb
|
|
324
|
+
- spec/lib/tcell_agent/rails/responses_spec.rb
|
|
323
325
|
- spec/lib/tcell_agent/rails/routes/grape_spec.rb
|
|
324
326
|
- spec/lib/tcell_agent/rails/routes/route_id_spec.rb
|
|
325
327
|
- spec/lib/tcell_agent/rails/routes/routes_spec.rb
|
|
@@ -470,6 +472,7 @@ test_files:
|
|
|
470
472
|
- spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb
|
|
471
473
|
- spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb
|
|
472
474
|
- spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb
|
|
475
|
+
- spec/lib/tcell_agent/rails/responses_spec.rb
|
|
473
476
|
- spec/lib/tcell_agent/rails/routes/grape_spec.rb
|
|
474
477
|
- spec/lib/tcell_agent/rails/routes/route_id_spec.rb
|
|
475
478
|
- spec/lib/tcell_agent/rails/routes/routes_spec.rb
|